Open jeremymailen opened 3 months ago
Hi @jeremymailen Thanks for reporting this. Can you share a code snippet of the request you're making please?
Sure, here's more repro detail:
InformationProtectionPolicy.Read.All
val credential =ClientSecretCredentialBuilder()
.tenantId(params.tenant)
.clientId(params.clientId)
.clientSecret(params.clientSecret)
.build()
val scopes = arrayOf("https://graph.microsoft.com/.default")
val allowedHosts = arrayOf("graph.microsoft.com")
val auth = AzureIdentityAuthenticationProvider(credential, allowedHosts, *scopes)
val client = GraphServiceClient(auth)
val labelResponse = client.security().informationProtection().sensitivityLabels()
.get { request -> request.queryParameters.top = 99 }
This throws the exception above.
Note that making this call manually with an http client reveals the error response actually looks like this:
403 Forbidden
"{"error":{"code":"UnknownError","message":"","innerError":{"date":"2024-04-09T17:16:04","request-id":"84d6f6a5-68ae-4b62-865c-4137a51f5ad6","client-request-id":"84d6f6a5-68ae-4b62-865c-4137a51f5ad6"}}}"
Thanks for the additional information. It seems to be failing on instantiating the error object which is strange. Do you have other call either succeeding, or failing while throwing a properly parsed exception in this application?
As for the service error itself, it's not super useful, I'd encourage reaching out to the support or asking a question on Microsoft Q&A with the Microsoft Graph tag.
The successful calls work with this msgraph client and serialize / deserialize objects correctly. So the happy path works fine. And also once we add the InformationProtectionPolicy.Read.All
permission to the app registration, things work from then on, so we know the source of the error and how to fix it.
The bug remains that this client doesn't correctly parse that error that gets returned. Perhaps there's a bug on the MS Graph server side where it should be returning a more specific error, but that's not for me to say :).
Thanks for the additional information. If you simply call deserialize with the string payload and the ODataErrorFactory as parameters, do you run into the same issue?
I think the development will be better equipped to troubleshoot from here as I understand code generation from specs is used to produce the implementation. Should be straightforward to reproduce.
So are you saying you're not going to try to repro just calling the deserialization code on the payload?
Are you unable to repro the issue? I think it's reproducible at least on any API call where your app registration doesn't have permission to make the call.
Expected behavior
API calls with errors should return a useable error response.
Actual behavior
An exception is thrown while parsing the permission error response:
Steps to reproduce the behavior